π¨ CVE-2023-3311
A vulnerability, which was classified as problematic, was found in SourceCodester Advance Charity Management System 1.0. This affects an unknown part of the file addsuppliers.php. The manipulation of the argument First name leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-231807.
π@cveNotify
A vulnerability, which was classified as problematic, was found in SourceCodester Advance Charity Management System 1.0. This affects an unknown part of the file addsuppliers.php. The manipulation of the argument First name leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-231807.
π@cveNotify
π¨ CVE-2023-32681
Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0.
π@cveNotify
Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0.
π@cveNotify
GitHub
Unintended leak of Proxy-Authorization header
### Impact
Since Requests v2.3.0, Requests has been vulnerable to potentially leaking `Proxy-Authorization` headers to destination servers, specifically during redirects to an HTTPS origin. This...
Since Requests v2.3.0, Requests has been vulnerable to potentially leaking `Proxy-Authorization` headers to destination servers, specifically during redirects to an HTTPS origin. This...
π¨ CVE-2023-35823
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c.
π@cveNotify
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c.
π@cveNotify
π¨ CVE-2023-35829
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c.
π@cveNotify
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c.
π@cveNotify
π¨ CVE-2023-35828
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c.
π@cveNotify
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c.
π@cveNotify
π¨ CVE-2023-35827
An issue was discovered in the Linux kernel through 6.3.8. A use-after-free was found in ravb_remove in drivers/net/ethernet/renesas/ravb_main.c.
π@cveNotify
An issue was discovered in the Linux kernel through 6.3.8. A use-after-free was found in ravb_remove in drivers/net/ethernet/renesas/ravb_main.c.
π@cveNotify
www.spinics.net
[PATCH net] net: ravb: Fix possible UAF bug in ravb_remove β Netdev
[PATCH net] net: ravb: Fix possible UAF bug in ravb_remove β Linux Network Development
π¨ CVE-2023-35826
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in cedrus_remove in drivers/staging/media/sunxi/cedrus/cedrus.c.
π@cveNotify
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in cedrus_remove in drivers/staging/media/sunxi/cedrus/cedrus.c.
π@cveNotify
π¨ CVE-2023-35825
An issue was discovered in the Linux kernel before 6.3.4. A use-after-free was found in r592_remove in drivers/memstick/host/r592.c.
π@cveNotify
An issue was discovered in the Linux kernel before 6.3.4. A use-after-free was found in r592_remove in drivers/memstick/host/r592.c.
π@cveNotify
π¨ CVE-2023-34096
Thruk is a multibackend monitoring webinterface which currently supports Naemon, Icinga, Shinken and Nagios as backends. In versions 3.06 and prior, the file `panorama.pm` is vulnerable to a Path Traversal vulnerability which allows an attacker to upload a file to any folder which has write permissions on the affected system. The parameter location is not filtered, validated or sanitized and it accepts any kind of characters. For a path traversal attack, the only characters required were the dot (`.`) and the slash (`/`). A fix is available in version 3.06.2.
π@cveNotify
Thruk is a multibackend monitoring webinterface which currently supports Naemon, Icinga, Shinken and Nagios as backends. In versions 3.06 and prior, the file `panorama.pm` is vulnerable to a Path Traversal vulnerability which allows an attacker to upload a file to any folder which has write permissions on the affected system. The parameter location is not filtered, validated or sanitized and it accepts any kind of characters. For a path traversal attack, the only characters required were the dot (`.`) and the slash (`/`). A fix is available in version 3.06.2.
π@cveNotify
GitHub
panorama: fix folder validation Β· sni/Thruk@cf03f67
make sure picture upload targets a folder below user content folder.
- CVE-2023-34096
- CVE-2023-34096
π¨ CVE-2023-35840
_joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder before 2.1.62 allows path traversal in the PHP LocalVolumeDriver connector.
π@cveNotify
_joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder before 2.1.62 allows path traversal in the PHP LocalVolumeDriver connector.
π@cveNotify
GitHub
[VD:LocalFileSystem] Security fixes, directory traversal vulnerability Β· Studio-42/elFinder@bb9aaa7
fixes
This issue was found by MichaΕ Majchrowicz & Livio Victoriano AFINE
Team. We give them a special thanks.
This issue was found by MichaΕ Majchrowicz & Livio Victoriano AFINE
Team. We give them a special thanks.
π¨ CVE-2023-35844
packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory traversal and do not ensure that an intended file extension (.csv or .png) is used.
π@cveNotify
packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory traversal and do not ensure that an intended file extension (.csv or .png) is used.
π@cveNotify
GitHub
Comparing 0.510.2...0.510.3 Β· lightdash/lightdash
Open source BI for teams that move fast β‘οΈ. Contribute to lightdash/lightdash development by creating an account on GitHub.
π¨ CVE-2023-35849
VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not properly check whether header sizes would result in accessing data outside of a packet.
π@cveNotify
VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not properly check whether header sizes would result in accessing data outside of a packet.
π@cveNotify
GitHub
More checks for correct header sizes Β· virtualsquare/picotcp@4b9a167
Reported-by: "P. Amsuo, Purdue University"
π¨ CVE-2023-35848
VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 lacks certain size calculations before attempting to set a value of an mss structure member.
π@cveNotify
VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 lacks certain size calculations before attempting to set a value of an mss structure member.
π@cveNotify
GitHub
Various fixes on size calculation by danielinux Β· Pull Request #15 Β· virtualsquare/picotcp
TCP: Fixed MSS size calculation, set lower MSS bound
TCP: Check options size before parsing MSS field
ipfilter: Check transport layer size before dereferencing port numbers
IPv4: Check transport la...
TCP: Check options size before parsing MSS field
ipfilter: Check transport layer size before dereferencing port numbers
IPv4: Check transport la...
π¨ CVE-2023-35847
VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not have an MSS lower bound (e.g., it could be zero).
π@cveNotify
VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not have an MSS lower bound (e.g., it could be zero).
π@cveNotify
GitHub
TCP: Fixed MSS size calculation. Set MSS lower bound. Β· virtualsquare/picotcp@eaf1660
Reported-by: "P. Amsuo, Purdue University"
π¨ CVE-2023-35846
VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not check the transport layer length in a frame before performing port filtering.
π@cveNotify
VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not check the transport layer length in a frame before performing port filtering.
π@cveNotify
GitHub
[ipfilter] Check transport layer length in frame before filtering ports Β· virtualsquare/picotcp@d561990
Reported-by: "P. Amsuo, Purdue University"
π¨ CVE-2023-35857
In Siren Investigate before 13.2.2, session keys remain active even after logging out.
π@cveNotify
In Siren Investigate before 13.2.2, session keys remain active even after logging out.
π@cveNotify
π¨ CVE-2023-35856
A buffer overflow in Nintendo Mario Kart Wii RMCP01, RMCE01, RMCJ01, and RMCK01 can be exploited by a game client to execute arbitrary code on a client's machine via a crafted packet.
π@cveNotify
A buffer overflow in Nintendo Mario Kart Wii RMCP01, RMCE01, RMCJ01, and RMCK01 can be exploited by a game client to execute arbitrary code on a client's machine via a crafted packet.
π@cveNotify
GitHub
GitHub - MikeIsAStar/Mario-Kart-Wii-Remote-Code-Execution: Injects arbitrary code into a client's game.
Injects arbitrary code into a client's game. Contribute to MikeIsAStar/Mario-Kart-Wii-Remote-Code-Execution development by creating an account on GitHub.
π¨ CVE-2023-35855
A buffer overflow in Counter-Strike through 8684 allows a game server to execute arbitrary code on a remote client's machine by modifying the lservercfgfile console variable.
π@cveNotify
A buffer overflow in Counter-Strike through 8684 allows a game server to execute arbitrary code on a remote client's machine by modifying the lservercfgfile console variable.
π@cveNotify
GitHub
GitHub - MikeIsAStar/Counter-Strike-Remote-Code-Execution: Injects arbitrary code into a client's game.
Injects arbitrary code into a client's game. Contribute to MikeIsAStar/Counter-Strike-Remote-Code-Execution development by creating an account on GitHub.
π¨ CVE-2023-35853
In Suricata before 6.0.13, an adversary who controls an external source of Lua rules may be able to execute Lua code. This is addressed in 6.0.13 by disabling Lua unless allow-rules is true in the security lua configuration section.
π@cveNotify
In Suricata before 6.0.13, an adversary who controls an external source of Lua rules may be able to execute Lua code. This is addressed in 6.0.13 by disabling Lua unless allow-rules is true in the security lua configuration section.
π@cveNotify
Stamus-Networks
Stamus Labs | Stamus Networks
Stamus Networks has a long history of developing and supporting open source technologies. Our founders are both members of the Open Information Security Foundation executive team and developers on the Suricata project. Stamus Labs currently manages four activeβ¦
π¨ CVE-2023-35852
In Suricata before 6.0.13 (when there is an adversary who controls an external source of rules), a dataset filename, that comes from a rule, may trigger absolute or relative directory traversal, and lead to write access to a local filesystem. This is addressed in 6.0.13 by requiring allow-absolute-filenames and allow-write (in the datasets rules configuration section) if an installation requires traversal/writing in this situation.
π@cveNotify
In Suricata before 6.0.13 (when there is an adversary who controls an external source of rules), a dataset filename, that comes from a rule, may trigger absolute or relative directory traversal, and lead to write access to a local filesystem. This is addressed in 6.0.13 by requiring allow-absolute-filenames and allow-write (in the datasets rules configuration section) if an installation requires traversal/writing in this situation.
π@cveNotify
Stamus-Networks
Stamus Labs | Stamus Networks
Stamus Networks has a long history of developing and supporting open source technologies. Our founders are both members of the Open Information Security Foundation executive team and developers on the Suricata project. Stamus Labs currently manages four activeβ¦